Remarks and Arguments 

Claims 1-128 have been presented for examination. Claims 101-128 have been 
amended. 

Claims 1-128 have been rejected under 35 U.S.C. §103(a) as obvious over U.S. 
Patent No. 5,220,604 (Gasser, previously cited) in view of U.S. Patent No. 5,339,403 
(Parker.) The examiner comments that the Gasser reference discloses the claimed 
limitations and discloses the presentation of credentials, but, in Gasser, the credentials 
must be looked up for comparison and Gasser does not disclose making the credentials 
available to the group. However, the examiner asserts that the Parker reference 
discloses the presentation of credentials that contain user access rights and are 
organized by grouping. The examiner concludes that it would have been obvious to one 
skilled in the art to combine the teachings of Gasser and Parker because Parker 
discloses that a user needs to be authenticated once and the resulting privilege attribute 
certificate can be reused to access several different applications and thus it would have 
been obvious to combine the references in order to speed up the process of accessing 
applications as disclosed by Parker. 

As previously discussed, the Gasser reference discloses a conventional access 
control system in which a system resource, to which access is requested by principals, 
determines whether or not access is granted. Thus, if a principal is a member of a 
group, it is the resource that searches that group to determine whether access will be 
granted. This operation is described at several places in the Gasser reference. See, 
for example, Gasser column 3, lines 24-28 and lines 55-63 and column 5, lines 29-34 
(where a reference monitor associated with the resource determines whether access 
will be granted by checking an access control list or verifying membership in a group.) 
Similarly, Gasser discloses an authentication procedure between two principals P1 and P2 
at column 6, line 48-column 7, line 37 and at column 9, lines 16-48. Here it is clear that 
the principal requesting authentication (P1) merely presents a nonce encrypted with a 
private key to principal P2 and principal P2 does the rest of the work including any 
lookups required. 

Thus, as the examiner notes, Gasser does not teach or suggest that the 
requesting principal should participate in the access granting or authentication process 
and Gasser does not teach that the results of any search performed by the resource or 
resource monitor be made available to any members of the group. 

The examiner proposes to combine the Parker reference with Gasser in order to 
provide a teaching that the requesting party should provide access control or 
authentication information to the resource. The Parker reference discloses an access 
control system in which a user desiring to access a resource presents a privilege 
access certificate (PAC) to a PAC Use Monitor (PUM) which validates the PAC when 
requested by a resource (in this case a target application.) Parker states that the PAC 
contains a "certified collection of access rights" (Parker, column 1, lines 24-26.) These 
access rights are, in turn, determined by an APA server from the user's status in the 
system. See column 2, line 67 - column 3, line 5. Thus, in Parker, the information that 
the user provides to the resource consists of access rights that have already been 
determined. Parker does not disclose that the user provide information that will be used 
to determine the access rights to the resource. More specifically, Parker does not 
disclose providing information to prove membership in a group. The examiner notes 
that Parker discusses organization by grouping at column 2, lines 13-15, 24-25 and 
30-31. However, the groups to which this section of Parker refers are groups of PUMs not 
groups of users. 

Thus, the combination proposed by the examiner teaches pre-determining rights 
and later providing them to the resource for access. This differs substantially from the 
claimed invention. For example, claim 1 recites, in lines 2-6, that the "presenter of 
credentials ... presents to the recipient of credentials one or more chains of group 
credentials that prove the presenter's membership in the nested group." This recitation 
is neither taught nor suggested by the proposed combination of Gasser and Parker. 
Gasser teaches storing the group membership information in a global naming service 
and using a resource monitor to search the lists. Parker discloses pre-determining the 
access rights and presenting them in a certified package to a user desiring access. 
Thus, the proposed combination might suggest that the resource monitor in Gasser 
might be used to search group lists to determine access rights before access is 
requested and then packaging those rights for later presentation by the user, but the 
combination cannot teach or suggest that at least some of the information relating to 
group membership in the global naming service be accessible and obtained by the user 
and then provided to the resource for a determination of access rights as recited in 
claim 1. Therefore, claim 1 patentably distinguishes over the cited reference 
combination. 

Claims 2-11 are dependent, either directly or indirectly, on claim 1 and 
incorporate the limitations thereof. Therefore, they distinguish over the cited reference 
combination in the same manner as claim 1. In addition, these claims recite further 
limitations not taught or suggested by the combination of Gasser and Parker. For 
example, claim 2 recites "one of said chains of group credentials comprise one or more 
proofs of group membership" and claims 3 and 4 recite that the proofs of group 
membership comprise group membership certificates (claim 3) or lists (claim 4.) As 
discussed above, Gasser discloses that the user submits a nonce encrypted with a 
private key and Parker discloses that the user submits predetermined access rights. 
Thus, neither reference teaches or suggests submitting proofs of group membership in 
the form of group certificates or lists. Thus, claims 2-4 patentably distinguish over the 
cited references for this reason. Similarly, claims 5-7 recite that proofs of group 
non-membership are submitted including group non-membership certificates and lists. As 
discussed above, neither reference teaches or suggests submitting proofs of group 
non-membership in the form of group certificates or lists. Thus, claims 5-7 patentably 
distinguish over the cited references for this reason. 

Claim 12 recites limitations that parallel those recited in claim 1 with the 
exception that the credentials presented by the presenter of credentials prove the 
presenter's non-membership in a group. Claim 12 patentably distinguishes over the 
cited reference combination in the same manner as claim 1 as discussed above. 

Claims 13-22 are dependent, either directly or indirectly, on claim 12 and 
incorporate the limitations thereof. Therefore, they distinguish over the cited reference 
combination in the same manner as claim 12. In addition, these claims recite limitations 
that parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claims 23 and 34 recite limitations that parallel those recited in claims 1 and 12, 
respectively. Thus, claims 23 and 34 patentably distinguish over the cited reference 
combination in the same manner as claims 1 and 12 as discussed above. 

Claims 24-33 and 35-44 are dependent, either directly or indirectly, on claims 23 
and 34, respectively, and incorporate the limitations thereof. Therefore, they distinguish 
over the cited reference combination in the same manner as claims 23 and 34. In 
addition, these claims recite limitations that parallel those recited in claims 2-11 and 
distinguish over the cited references in the same manner as those latter claims. 

Claim 45 recites, in lines 5-6, "obtaining one or more chains of group credentials 
that prove membership in the nested group" and, in lines 7-9, "transmitting to the server 
a request ... including the one or more chains of group credentials that prove 
membership in the nested group." Therefore, claim 45 recites limitations that are similar 
to those recited in claim 1. In particular, neither Gasser nor Parker disclose 
"transmitting to the server a request ... including the one or more chains of group 
credentials that prove membership in the nested group" nor does the combination of 
references suggest such a feature. In Gasser the server performs the search and, in 
Parker, the request includes the access rights. Thus, claim 45 patentably distinguishes 
over the cited references. 

Claims 46-51 are dependent, either directly or indirectly, on claim 45 and 
incorporate the limitations thereof. Therefore, they distinguish over the cited reference 
combination in the same manner as claim 45. In addition, these claims recite limitations 
that parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claim 52 recites limitations that parallel those recited in claim 45 with the 
exception that the request includes the one or more chains of group credentials that 
prove non-membership in the nested group. Claim 52 patentably distinguishes over the 
cited reference combination in the same manner as claim 45 as discussed above. 

Claims 53-58 are dependent, either directly or indirectly, on claim 52 and 
incorporate the limitations thereof. Therefore, they distinguish over the cited reference 
combination in the same manner as claim 52. In addition, these claims recite limitations 
that parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claims 59, 101 and 66, 108 recite limitations that parallel those recited in claims 
45 and 52, respectively. Thus, claims 59, 66, 101 and 108 patentably distinguish over 
the cited reference combination in the same manner as claims 45 and 52 as discussed 
above. 

Claims 60-65, 102-107 and 67-72, 109-114 are dependent, either directly or 
indirectly, on claims 59, 101 and 66, 108, respectively, and incorporate the limitations 
thereof. Therefore, they distinguish over the cited reference combination in the same 
manner as claims 59, 66, 101 and 108. In addition, these claims recite limitations that 
parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claim 73 recites, in lines 5-7, "receiving a resource-access request from a client, 
said request including one or more chains of group credentials proving client 
membership in the nested group." Therefore, claim 73 recites limitations that are similar 
to those recited in claim 1. In particular, neither Gasser nor Parker disclose "receiving a 
resource-access request from a client, said request including one or more chains of 
group credentials proving client membership in the nested group" nor does the 
combination of references suggest such a feature. Thus, claim 73 patentably 
distinguishes over the cited references. 

Claims 74-79 are dependent, either directly or indirectly, on claim 73 and 
incorporate the limitations thereof. Therefore, they distinguish over the cited reference 
combination in the same manner as claim 73. In addition, these claims recite limitations 
that parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claim 80 recites limitations that parallel those recited in claim 73 with the 
exception that the request includes one or more chains of group credentials that prove 
non-membership in the group. Claim 80 patentably distinguishes over the cited 
reference combination in the same manner as claim 73 as discussed above. 

Claims 81-86 are dependent, either directly or indirectly, on claim 80 and 
incorporate the limitations thereof. Therefore, they distinguish over the cited reference 
combination in the same manner as claim 80. In addition, these claims recite limitations 
that parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claims 87, 115 and 94, 122 recite limitations that parallel those recited in claims 
73 and 80, respectively. Thus, claims 87, 94, 115 and 122 patentably distinguish over 
the cited reference combination in the same manner as claims 73 and 80 as discussed 
above. 

Claims 88-93, 95-100 and 116-121, 123-128 are dependent, either directly or 
indirectly, on claims 87, 115 and 94, 122, respectively, and incorporate the limitations 
thereof. Therefore, they distinguish over the cited reference combination in the same 
manner as claims 87, 94, 115 and 122. In addition, these claims recite limitations that 
parallel those recited in claims 2-11 and distinguish over the cited references in the 
same manner as those latter claims. 

Claims 101-128 have been amended to place them more clearly in a statutory 
class of invention. 

In light of the foregoing amendments and remarks, this application is now believed 
in condition for allowance and a notice of allowance is earnestly solicited. If the 
examiner has any further questions regarding this amendment, he is invited to call 
applicants' attorney at the number listed below. The examiner is hereby authorized to 
charge any fees or direct any payment under 37 C.F.R. §§1.17, 1.16 to Deposit Account 
number 02-3038. 



Respectfully submitted 